0
votes

I'm doing some research on hacking, and I came upon some Cheat Engine tutorials for memory hacking. If we wanted to find the memory address of a variable, we would have to scan the memory of the process using Cheat Engine to find the address. However, since these addresses are dynamic, each time a new process of this game is run, the address would change.

So the tutorial introduced Static addresses which do not change for each instance of the game. And to find this address we had to scan repeatedly for "what accesses this address", using the register from the line of assembly from the previous scan to find the next. The assembly would be in the form of

opcode [esi + offset]

So in the end, we get an address and an offset, which happens to be the base address.

But how does this work?

Also, I don't really understand the notion of a base address. Is it some kind of a relative address to where the program is loaded in memory? This way it doesn't change when we load the program again?

1
I want to make sure I understand: You're asking how "some cheat engine" works? - Drew Dormann
More of how base pointers work - lor

1 Answer

1
votes

The variable in question is likely stored in a class that is dynamically allocated at runtime, that is why the variable's address changes on each run. Being dynamically allocated, something has to refer to that address, and that is where static addresses start coming into play. In your example, ESI has likely been assigned the base memory address of the allocated class, such as with a mov esi, [somevar] statement (where somevar is a pointer variable that contains the allocated address) and offset is the byte offset of the target variable within the class. So find somevar first and then you can follow it to the target variable.
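The pointer chain the answer describes, as an added C example that is not from the original post: a static pointer variable (the stand-in for `somevar`) holds the address of a heap-allocated object, and the target field is reached by reading that pointer and adding the field's byte offset, which is exactly what the `mov esi, [somevar]` / `op [esi + offset]` pair does. The `Player` struct, its field names and the sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical game object: the "class that is dynamically allocated at
 * runtime" from the answer. Its heap address differs on every run. */
struct Player {
    int32_t health;
    int32_t ammo;     /* the target variable; sits at byte offset 4 */
    char    name[16];
};

/* The static pointer variable ("somevar" in the answer). Its own location is
 * fixed relative to the loaded module, so it is found once and reused. */
static struct Player *g_player = NULL;

/* Simulates game start-up: allocate the object and fill it in. */
void game_init(int32_t health, int32_t ammo)
{
    g_player = malloc(sizeof *g_player);
    g_player->health = health;
    g_player->ammo = ammo;
    strcpy(g_player->name, "p1");
}

void game_shutdown(void) { free(g_player); g_player = NULL; }

/* Resolves a one-level pointer path: read the pointer stored at the static
 * location (mov esi, [somevar]), then add the offset ([esi + offset]).
 * Returns NULL when the object has not been allocated yet. */
int32_t *resolve_pointer_path(const void *static_ptr_location, size_t offset)
{
    unsigned char *base;
    memcpy(&base, static_ptr_location, sizeof base); /* avoids aliasing UB */
    if (base == NULL)
        return NULL;
    return (int32_t *)(base + offset);
}

/* The offset is a property of the struct layout, not of a particular run. */
size_t ammo_offset(void) { return offsetof(struct Player, ammo); }

/* Reads ammo through the static pointer; -1 means the path is dangling. */
int32_t read_ammo_via_path(void)
{
    int32_t *p = resolve_pointer_path(&g_player, ammo_offset());
    return p ? *p : -1;
}
```

The NULL check matters in practice: before the object exists (or after it is freed) the static pointer is not a valid base, and blindly adding the offset would read garbage or crash.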